SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0000707: Would be good if we could automaticly set internal domains for SMTP and POP3? - MantisBT
MantisBT - Endian Firewall
View Issue Details
0000707Endian FirewallApplication Level Proxiespublic2008-04-23 13:452008-04-30 08:30
ozgurerdogan 
 
normalfeatureN/A
feedbackopen 
2.2-beta4 
 
0000707: Would be good if we could automaticly set internal domains for SMTP and POP3?
For users like me who has many mail servers behind endian and runing them behind firewall, has to enter each domain into endian for smtp proxy. So it would be very very helpful if endian could detect them by a admin permision or something like similar but very helpful.
No tags attached.
Issue History
2008-04-23 13:45ozgurerdoganNew Issue
2008-04-24 09:52peter-endianNote Added: 0001038
2008-04-24 09:52peter-endianStatusnew => feedback
2008-04-24 10:00aenderNote Added: 0001039
2008-04-24 13:02ozgurerdoganNote Added: 0001045
2008-04-25 13:38ozgurerdoganNote Added: 0001077
2008-04-30 08:30ra-endianSeveritymajor => feature

Notes
(0001038)
peter-endian   
2008-04-24 09:52   
That would be really cool!
But unfortunately i can't imagine how to detect the domains configured on another mailserver. Do you have any suggestions?
(0001039)
aender   
2008-04-24 10:00   
Idea:

If the SMTP Proxy is in transparent mode you can look at the domains and the mailserver ip in the header from outgoing mails. Then take the domain and the mailserver ip from the internal sender and set it as internal domain with the correct mailserver. It´s something like a learning mode in the smtp proxy or a outgoing firewall rule.

The infos you need are in the header:

- sender email
- sender mailserver ip

Is this a way for a solution?
(0001045)
ozgurerdogan   
2008-04-24 13:02   
Peter,
Yes you are right but I got some ideas:
1.Hard but better way could be:
Endian may only support some of very commonly used ones like Smartermail, Merak etc., in this way you may need to investigate those mail softwares API's to get the domains via api (this is easy part) and in endian, we only enter the smartermail, or merak or whatever mail softwares admin username and password to make the api run. Commonly used mailserver are well known. And many hosting control panels support those. This idea is especially good for hosting companies. And hosting companies use many mail domains. If company has only a few domains that would not be a problem anyway. But those mail software are very commonly used one by hosting companies. I can give you a list with their api samples.


2.(This way is more simple) Or you may for example ask for a database (commonly used like mysql) which stores internal mail servers' domains. Or maybe only from a txt file. As endian only need domain name, txt would be better maybe. So we do the rest by automaticly updating the database or txt file from control panel or from mail server software.

3.Aender's idea is also sound good. OR/PLUS you can do so maybe;
We only enter the internal mail server's ip in endian and endian then compares the outgoing mail's ip with the p that we entered before. If it is same, then endian add the ip to domains list.

I am sure of this, if you could somehow accomplish this, endian will be much much more popular. Because smtp and pop3 or lets say mail traffic is nearly %50 of all needs that expects from a firewall. pecially for hosting companies or many mail domains user behind the endian.

I can not use smtp proxy as everyday I nearly add 5-10 domain into mail server.
So please consider these Peter.
Thanks
(0001077)
ozgurerdogan   
2008-04-25 13:38   
Peter, what do you think? As I wrote above, maybe only getting the list from even a txt file would be much much better than typing all them one by one. Then we do the rest (updating the that txt file and point in endian like www.endian.com/domainlist.txt). Because even in this way, when a new domain is created in mail server, txt file will be updated and everybody is happy :)